Fileauth.txt content configuration error

If you use the file verification method when submitting a digital certificate for review, the configuration check may return a verification failure. In that case, the failure may be caused by one of the following reasons.

Note: It is recommended that you use curl -k -v or wget -S to check the verification file URL. Test the HTTPS and the HTTP verification URL separately.

- Possible Cause 1: HTTPS access has been enabled on some pages of your site, but the verification file fileauth.txt is deployed only in the HTTP service path, not in the HTTPS service path. As a result, the file cannot be found when it is requested over HTTPS.
  Solution: Place the verification file under the HTTPS service path so that it can be accessed over HTTPS, or temporarily turn off the HTTPS service on all pages of the site.

- Possible Cause 2: The site returned an error code when the verification file was accessed. When the CA tries to obtain the verification file, the site returns an error page, such as a 50X internal error page, a 40X error page, or a 30X redirect page.
  Solution: Ensure that the correct verification file content can be accessed directly through the verification file URL specified by the CA center, and that the file is not served to the Web browser by way of a redirect or a similar mechanism.
  Note: You can detect a redirect by checking whether the address in the browser has changed.

- Possible Cause 3: Your site has enabled a CDN service, but the CDN nodes have not completed overseas synchronization. Because the Symantec CA verification server does not have a domestic mirror site, the verification file cannot be detected when your CDN nodes have not finished synchronizing overseas.
  Solution: Synchronize the verification file to the overseas CDN nodes, or temporarily disable the CDN overseas acceleration service.
  Note: If you cannot change the CDN node servers, it is recommended that you use DNS verification to verify the domain name authorization.

- Possible Cause 4: The timestamp in the verification file has expired. With the file verification method, the verification file is valid for seven days. When the timestamp in the verification file content is more than seven days old, the verification fails.
  Solution: Log in to the certificate service management console, download the latest verification file again, and upload it to the specified directory on your website.
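The checks behind Causes 1 and 2 can be scripted. The following is an added example, not part of the original page or the CA's tooling: it requests the verification file over HTTP and HTTPS without following redirects and classifies each response. The host, path and token are placeholders you take from your own console, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: classify what a validator would see at the
# verification file URL. Redirects are reported, never followed.

# classify_fetch STATUS BODY EXPECTED -> one-word verdict
classify_fetch() {
  body=$(printf '%s' "$2" | tr -d '\r\n')   # ignore trailing line endings
  case "$1" in
    000)     echo "unreachable" ;;          # curl could not connect
    3??)     echo "redirect" ;;             # Cause 2: 30X redirect page
    4??|5??) echo "error-page" ;;           # Cause 1 (404 on HTTPS) or Cause 2
    200)     if [ "$body" = "$3" ]; then echo "ok"; else echo "content-mismatch"; fi ;;
    *)       echo "unexpected-status" ;;
  esac
}

# check_fileauth HOST PATH EXPECTED: test both schemes separately
check_fileauth() {
  for scheme in http https; do
    tmp=$(mktemp)
    # -k as the note recommends, so a certificate problem does not hide
    # the HTTP result; no -L, so a 30X is visible as such.
    status=$(curl -k -s --max-time 10 -o "$tmp" -w '%{http_code}' "$scheme://$1$2") || true
    verdict=$(classify_fetch "$status" "$(cat "$tmp")" "$3")
    rm -f "$tmp"
    printf '%s://%s%s HTTP %s -> %s\n' "$scheme" "$1" "$2" "$status" "$verdict"
  done
}

# Usage (all three values are placeholders):
#   check_fileauth example.com /path/from/console/fileauth.txt 'token-from-console'
```

A "content-mismatch" verdict on a 200 response usually means the server returned its own page (for example a login or default page) instead of the file.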
DNS configuration error, entry mismatch

If you use the DNS verification method when submitting a digital certificate for review, the configuration check may report that the DNS configuration content was not detected. In that case, the failure of the certificate review may be caused by one of the following reasons.

Note: It is recommended that you query the DNS resolution record value as described below, examine the verification string in the output, and make sure that the DNS resolution record has been configured correctly.

Windows: Use the nslookup command to query your domain name resolution status. Open the Start menu, click Run, enter cmd, and enter the following command in the command line window:

    nslookup -qt=txt "Your domain name"

Examine the output to make sure that the DNS resolution record has been configured correctly.

Linux: Use the dig command to query your domain name resolution status. Enter the following command in a terminal, view the output, and make sure that the DNS resolution record has been configured correctly:

    dig "Your domain name" txt

- Possible Cause 1: The DNS resolution record value is configured incorrectly. A DNS resolution record consists of a host record and the corresponding record value. When the host record is configured correctly but the record value is not, verification fails.
  Solution: Configure the correct DNS host record and record value.

- Possible Cause 2: With DNSPod and some other domain name resolution service providers, the CA center's check is not accurate, because the provider's answer for a non-existent host record differs from the expected answer.
  Solution: Ignore the related errors reported by the domain name resolution settings check, configure the DNS resolution record as required, and complete the domain name authorization verification.

- Possible Cause 3: The timestamp in the DNS resolution record value has expired. The record value used for DNS verification includes a timestamp. For Symantec DV certificates, the timestamp generally expires before 16:00 of the next day. When the timestamp in the TXT record value is past 16:00 of the next day, the verification fails.
  Solution: Log in to the certificate service management console, obtain the latest TXT resolution record value, delete the original TXT record at the domain name resolution service provider, and add a new TXT resolution record.
  Note: In the domain name control panel of some domain name service providers, a modification to an existing TXT record value takes more than two hours to take effect, while a newly created TXT record takes effect quickly. It is therefore recommended that you complete the verification by creating a new TXT record. After the domain name is verified, the related TXT resolution record can be deleted.

- Possible Cause 4: The domain name has enabled a dynamic resolution service, and the corresponding TXT resolution record value could not be synchronized to the overseas authoritative DNS servers in time.
  Solution: Make sure that the dynamic resolution service is working normally and that overseas resolution services can resolve your newly added TXT resolution record.
  Note: Complete the synchronization of the domain name resolution record value as soon as possible. If you apply for a Symantec DV certificate and the record value is not synchronized to the overseas authoritative DNS servers before 16:00 the next day, your domain name verification will fail.

For more certificate verification operations, refer to How to add DNS verification or file verification for 1-ary SSL certificates
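To tell Cause 1 (wrong value) apart from Cause 4 (record not yet visible everywhere), compare the TXT answer from each authoritative name server with the value from the console. The following is an added example, not part of the original page: the function names are hypothetical, the record name, zone and token are placeholders, and 8.8.8.8 is used only as an assumed stand-in for a resolver outside your provider's network.

```sh
#!/bin/sh
# Added example: compare the TXT value each server returns with the
# value shown in the certificate console.

# normalize_txt: read `dig +short TXT` output on stdin and print one
# record value per line, with quotes removed and split chunks rejoined.
normalize_txt() {
  sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_status EXPECTED: read dig output on stdin -> match | mismatch | missing
txt_status() {
  values=$(normalize_txt)
  if [ -z "$values" ]; then
    echo "missing"        # no TXT answer at all (not synchronized yet)
  elif printf '%s\n' "$values" | grep -Fxq -- "$1"; then
    echo "match"
  else
    echo "mismatch"       # a TXT answer exists but is not the expected value
  fi
}

# check_txt NAME ZONE EXPECTED: ask every authoritative server for ZONE,
# then one public resolver, and print a verdict per server.
check_txt() {
  name=$1; zone=$2; expected=$3
  for ns in $(dig +short NS "$zone") 8.8.8.8; do
    result=$(dig +short TXT "$name" "@$ns" | txt_status "$expected")
    printf '%-32s %s\n' "$ns" "$result"
  done
}

# Usage (placeholders):
#   check_txt host-record.example.com example.com 'value-from-console'
```

A "mismatch" from a server where you expected "missing" is consistent with Cause 2, where the provider answers for host records that do not exist.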